Privacy

Zikr is a listening service. We try to collect as little about you as we can while still making the product work. This page summarizes what we keep and why. It is not a substitute for legal advice — review it against your jurisdiction before relying on it.

What we store

• Account — email, name (optional), password (hashed with bcrypt). Used to sign you in and send password reset emails.
• Playback state — for registered users only, the station + track + second you paused at, so you can resume. Guests are never saved.
• Social activity — likes, follows, comments. These are visible to other listeners by design.
• Anonymous device ID — a UUID generated in your browser to associate non-logged-in activity with you on the same device.
• Server logs — IP + request paths for a short window, for abuse prevention.

What we don't do

• No third-party advertising trackers, no behavioural ad networks.
• No selling or sharing of personal data with brokers.
• No analytics beyond aggregate counts (e.g. "how many people listened to this station today").

Audio

Zikr is a player. The audio files themselves are streamed directly from their hosts (e.g. archive.org or other public sources) — we do not proxy or store your listening session beyond the resume position above.

Your rights

You can delete your account at any time from Settings. Deletion removes your account, likes, follows, comments, history, and saved playback state. For an export of your data, write to us via the contact form.

Cookies

We set a single first-party session cookie (zikr_session) when you log in. It's HttpOnly, Secure, and SameSite=Lax. We use localStorage for a handful of UX preferences (theme, last-played position). That's all.

Changes

If this policy changes materially, signed-in users will see a notice on next sign-in.